PE question

All development related issues welcome

Moderator: Moderator Team

Post a reply

PE question

Postby CHCNiZ » Fri Jan 22, 2010 4:50 am

Hello, I am wondering if anyone knows a way to determine the size of a exe from its header? I have a massive blob of data with a executeable in the center and want to extract it and execute it.
CHCNiZ
 
Posts: 2
Joined: Tue Dec 09, 2008 10:51 pm
Top

Re: PE question

Postby Lone_Rifle » Fri Jan 22, 2010 10:48 am

Hello, and thanks for dropping by. May I ask about your intentions? As you can understand, the development team does not wish to engage in clandestine activities and your query might serve in the building of, say, a worm that is small enough to escape most AV scanners (see recent exploits on Adobe Reader by the Chinese) which then decrypts and extracts an executable payload.
Lone_Rifle
Test Team
 
Posts: 802
Joined: Thu Apr 03, 2008 2:17 pm
Top

Postby hto » Fri Jan 22, 2010 3:45 pm

SizeOfImage
hto
 
Posts: 2188
Joined: Sun Oct 01, 2006 3:43 pm
Top

Re: PE question

Postby CHCNiZ » Fri Jan 22, 2010 5:41 pm

My intention is because I am trying to extract the executeable of a game, and modify it, the executable is packed and cannot be disassembled, but in memory it is unpacked, I simply want to have that executeable that is unpacked, because I wish to modify it, without coding something to modify memory addresses of the process.

hto: thanks, I was told about this earlier before, but didn't see that the PE header isn't the main header, that its a bit after
CHCNiZ
 
Posts: 2
Joined: Tue Dec 09, 2008 10:51 pm
Top

Postby hto » Fri Jan 22, 2010 6:44 pm

There is no guarantee that SizeOfImage will help; some executables, such as installers, can have stuff beyond it.
hto
 
Posts: 2188
Joined: Sun Oct 01, 2006 3:43 pm
Top
Post a reply

Return to Development Help

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group